Frequently Asked Questions

How do you configure ZAP logging?

ZAP logs to a file called “zap.log” in the ZAP ‘home’ directory.

The logging is configured by the log4j.properties file in the same directory.

By default the ‘main’ logging levels are set to “INFO” by these 2 lines:

log4j.logger.org.parosproxy.paros=INFO
log4j.logger.org.zaproxy.zap=INFO

Changing these to “DEBUG” (and restarting ZAP) will significantly increase the amount of logging performed:

log4j.logger.org.parosproxy.paros=DEBUG
log4j.logger.org.zaproxy.zap=DEBUG

Logging can be selectively enabled using a Stand Alone script while ZAP is running (the example below is a JavaScript script):

// The following will enable DEBUG logging for the API
org.apache.log4j.Logger.getLogger("org.zaproxy.zap.extension.api.API").setLevel(org.apache.log4j.Level.DEBUG);
// The following will enable DEBUG logging for the SessionFixation scanner
org.apache.log4j.Logger.getLogger("org.zaproxy.zap.extension.ascanrulesBeta.SessionFixation").setLevel(org.apache.log4j.Level.DEBUG);